Google fixed CVE-2026-14155 in Chrome 150.0.7871.47 for Windows and Mac on June 30, 2026, after documenting that a StorageAccessAPI policy-enforcement flaw could let a remote attacker leak cross-origin data through a crafted HTML page. The vulnerability is not the scariest bug in Chrome 150, and...
CVE-2026-14156 is a Google Chrome StorageAccessAPI policy-enforcement flaw disclosed on June 30, 2026, affecting Chrome versions before 150.0.7871.47 and allowing a remote attacker with an already-compromised renderer process to bypass same-origin policy using a crafted HTML page. The short...
Today, we’re excited to announce the “first-look” rollout of the Storage Access API in our Canary and Dev channels. For developers, this API allows them to determine whether their access to browser-based storage is restricted by a user’s privacy settings and to request storage access from users...
access requests
chromium
cookies
data management
developers
embedded content
feedback
javascript
microsoft edge
privacy
sandbox
storage access
storageaccessapi
third-party cookies
tracking prevention
user control
user experience
web development
web standards